An anonymous reader shares a report: Atari has announced yet another retro console revival, but this time it's launching hardware from an old competitor. Atari and Plaion, a company that develops, publishes, and distributes games, have collaborated on the new Intellivision Sprint that blends '80s console aesthetics with modern gaming conveniences. It's a new take on Mattel's Intellivision, which initially went head-to-head with the Atari 2600 when it was released in 1979. The $150 Sprint looks a lot like the original Intellivision with a gold and black case and a wood-grain panel on the front, but there are a lot fewer cables. It connects to a TV using a single HDMI cable, and while it still includes two controllers featuring dials and number pads instead of joysticks, they're both wireless and charge when docked to the console.

Read more of this story at Slashdot.

EA employees and the Communications Workers of America union have condemned the company's proposed $55 billion private acquisition -- backed by Saudi Arabia's Public Investment Fund and Jared Kushner's Affinity Partners, "claiming they were not represented in the negotiations and any jobs lost as a result would 'be a choice, not a necessity, made to pad investors' pockets," reports Eurogamer. From the report: Following the announcement, there's been plenty of speculation around the future of EA and its multiple owned studios, split between EA Sports and EA Entertainment. Now, members of the United Videogame Workers union and the CWA have issued a formal response alongside a petition for regulators to scrutinize the deal. "EA is not a struggling company," the statement reads. "With annual revenues reaching $7.5 billion and $1 billion in profit each year, EA is one of the largest video game developers and publishers in the world." This success has been driven by company workers, the union stated. "Yet we, the very people who will be jeopardized as a result of this deal, were not represented at all when this buyout was negotiated or discussed." Citing the number of layoffs across the industry since 2022, workers fear for "the future of our studios that are arbitrarily deemed 'less profitable' but whose contributions to the video game industry define EA's reputation." "If jobs are lost or studios are closed due to this deal, that would be a choice, not a necessity, made to pad investors' pockets - not to strengthen the company," the statement reads. "Every time private equity or billionaire investors take a studio private, workers lose visibility, transparency, and power," it continues. "Decisions that shape our jobs, our art, and our futures are made behind closed doors by executives who have never written a line of code, built worlds, or supported live services. We are calling on regulators and elected officials to scrutinize this deal and ensure that any path forward protects jobs, preserves creative freedom, and keeps decision-making accountable to the workers who make EA successful." As such, workers have launched a petition in a "fight to make video games better for workers and players -- not billionaires". The statement concludes: "The value of video games is in their workers. As a unified voice, we, the members of the industry-wide video game workers' union UVW-CWA, are standing together and refusing to let corporate greed decide the future of our industry."

Read more of this story at Slashdot.

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

At a court hearing last week, U.K. prosecutors laid out a litany of charges against Jubair and 18-year-old Owen Flowers, accusing the teens of involvement in an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area.

On July 10, 2025, KrebsOnSecurity reported that Flowers and Jubair had been arrested in the United Kingdom in connection with recent Scattered Spider ransom attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group.

That story cited sources close to the investigation saying Flowers was the Scattered Spider member who anonymously gave interviews to the media in the days after the group’s September 2023 ransomware attacks disrupted operations at Las Vegas casinos operated by MGM Resorts and Caesars Entertainment.

The story also noted that Jubair’s alleged handles on cybercrime-focused Telegram channels had far lengthier rap sheets involving some of the more consequential and headline-grabbing data breaches over the past four years. What follows is an account of cybercrime activities that prosecutors have attributed to Jubair’s alleged hacker handles, as told by those accounts in posts to public Telegram channels that are closely monitored by multiple cyber intelligence firms.

EARLY DAYS (2021-2022)

Jubair is alleged to have been a core member of the LAPSUS$ cybercrime group that broke into dozens of technology companies beginning in late 2021, stealing source code and other internal data from tech giants including Microsoft, Nvidia, Okta, Rockstar Games, Samsung, T-Mobile, and Uber.

That is, according to the former leader of the now-defunct LAPSUS$. In April 2022, KrebsOnSecurity published internal chat records taken from a server that LAPSUS$ used, and those chats indicate Jubair was working with the group using the nicknames Amtrak and Asyntax. In the middle of the gang’s cybercrime spree, Asyntax told the LAPSUS$ leader not to share T-Mobile’s logo in images sent to the group because he’d been previously busted for SIM-swapping and his parents would suspect he was back at it again.

The leader of LAPSUS$ responded by gleefully posting Asyntax’s real name, phone number, and other hacker handles into a public chat room on Telegram:

That story about the leaked LAPSUS$ chats also connected Amtrak/Asyntax to several previous hacker identities, including “Everlynn,” who in April 2021 began offering a cybercriminal service that sold fraudulent “emergency data requests” targeting the major social media and email providers.

In these so-called “fake EDR” schemes, the hackers compromise email accounts tied to police departments and government agencies, and then send unauthorized demands for subscriber data (e.g. username, IP/email address), while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.

EARTHTOSTAR

Prosecutors in New Jersey last week alleged Jubair was part of a threat group variously known as Scattered Spider, 0ktapus, and UNC3944, and that he used the nicknames EarthtoStar, Brad, Austin, and Austistic.

Beginning in 2022, EarthtoStar co-ran a bustling Telegram channel called Star Chat, which was home to a prolific SIM-swapping group that relentlessly used voice- and SMS-based phishing attacks to steal credentials from employees at the major wireless providers in the U.S. and U.K.

The group would then use that access to sell a SIM-swapping service that could redirect a target’s phone number to a device the attackers controlled, allowing them to intercept the victim’s phone calls and text messages (including one-time codes). Members of Star Chat targeted multiple wireless carriers with SIM-swapping attacks, but they focused mainly on phishing T-Mobile employees.

In February 2023, KrebsOnSecurity scrutinized more than seven months of these SIM-swapping solicitations on Star Chat, which almost daily peppered the public channel with “Tmo up!” and “Tmo down!” notices indicating periods wherein the group claimed to have active access to T-Mobile’s network.

The data showed that Star Chat — along with two other SIM-swapping groups operating at the same time — collectively broke into T-Mobile over a hundred times in the last seven months of 2022. However, Star Chat was by far the most prolific of the three, responsible for at least 70 of those incidents.

A review of EarthtoStar’s messages on Star Chat as indexed by the threat intelligence firm Flashpoint shows this person also sold “AT&T email resets” and AT&T call forwarding services for up to $1,200 per line. EarthtoStar explained the purpose of this service in post on Telegram:

“Ok people are confused, so you know when u login to chase and it says ‘2fa required’ or whatever the fuck, well it gives you two options, SMS or Call. If you press call, and I forward the line to you then who do you think will get said call?”

New Jersey prosecutors allege Jubair also was involved in a mass SMS phishing campaign during the summer of 2022 that stole single sign-on credentials from employees at hundreds of companies. The text messages asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page, saying recipients needed to review pending changes to their upcoming work schedules.

The phishing websites used a Telegram instant message bot to forward any submitted credentials in real-time, allowing the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

That weeks-long SMS phishing campaign led to intrusions and data thefts at more than 130 organizations, including LastPass, DoorDash, Mailchimp, Plex and Signal.

DA, COMRADE

EarthtoStar’s group Star Chat specialized in phishing their way into business process outsourcing (BPO) companies that provide customer support for a range of multinational companies, including a number of the world’s largest telecommunications providers. In May 2022, EarthtoStar posted to the Telegram channel “Frauwudchat”:

“Hi, I am looking for partners in order to exfiltrate data from large telecommunications companies/call centers/alike, I have major experience in this field, [including] a massive call center which houses 200,000+ employees where I have dumped all user credentials and gained access to the [domain controller] + obtained global administrator I also have experience with REST API’s and programming. I have extensive experience with VPN, Citrix, cisco anyconnect, social engineering + privilege escalation. If you have any Citrix/Cisco VPN or any other useful things please message me and lets work.”

At around the same time in the Summer of 2022, at least two different accounts tied to Star Chat — “RocketAce” and “Lopiu” — introduced the group’s services to denizens of the Russian-language cybercrime forum Exploit, including:

-SIM-swapping services targeting Verizon and T-Mobile customers;
-Dynamic phishing pages targeting customers of single sign-on providers like Okta;
-Malware development services;
-The sale of extended validation (EV) code signing certificates.

These two accounts on Exploit created multiple sales threads in which they claimed administrative access to U.S. telecommunications providers and asked other Exploit members for help in monetizing that access. In June 2022, RocketAce, which appears to have been just one of EarthtoStar’s many aliases, posted to Exploit:

Hello. I have access to a telecommunications company’s citrix and vpn. I would like someone to help me break out of the system and potentially attack the domain controller so all logins can be extracted we can discuss payment and things leave your telegram in the comments or private message me ! Looking for someone with knowledge in citrix/privilege escalation

On Nov. 15, 2022, EarthtoStar posted to their Star Sanctuary Telegram channel that they were hiring malware developers with a minimum of three years of experience and the ability to develop rootkits, backdoors and malware loaders.

“Optional: Endorsed by advanced APT Groups (e.g. Conti, Ryuk),” the ad concluded, referencing two of Russia’s most rapacious and destructive ransomware affiliate operations. “Part of a nation-state / ex-3l (3 letter-agency).”

2023-PRESENT DAY

The Telegram and Discord chat channels wherein Flowers and Jubair allegedly planned and executed their extortion attacks are part of a loose-knit network known as the Com, an English-speaking cybercrime community consisting mostly of individuals living in the United States, the United Kingdom, Canada and Australia.

Many of these Com chat servers have hundreds to thousands of members each, and some of the more interesting solicitations on these communities are job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job.

These “violence-as-a-service” solicitations typically involve “brickings,” where someone is hired to toss a brick through the window at a specified address. Other IRL jobs for hire include tire-stabbings, molotov cocktail hurlings, drive-by shootings, and even home invasions. The people targeted by these services are typically other criminals within the community, but it’s not unusual to see Com members asking others for help in harassing or intimidating security researchers and even the very law enforcement officers who are investigating their alleged crimes.

It remains unclear what precipitated this incident or what followed directly after, but on January 13, 2023, a Star Sanctuary account used by EarthtoStar solicited the home invasion of a sitting U.S. federal prosecutor from New York. That post included a photo of the prosecutor taken from the Justice Department’s website, along with the message:

“Need irl niggas, in home hostage shit no fucking pussies no skinny glock holding 100 pound niggas either”

Throughout late 2022 and early 2023, EarthtoStar’s alias “Brad” (a.k.a. “Brad_banned”) frequently advertised Star Chat’s malware development services, including custom malicious software designed to hide the attacker’s presence on a victim machine:

We can develop KERNEL malware which will achieve persistence for a long time,
bypass firewalls and have reverse shell access.

This shit is literally like STAGE 4 CANCER FOR COMPUTERS!!!

Kernel meaning the highest level of authority on a machine.
This can range to simple shells to Bootkits.

Bypass all major EDR’s (SentinelOne, CrowdStrike, etc)
Patch EDR’s scanning functionality so it’s rendered useless!

Once implanted, extremely difficult to remove (basically impossible to even find)
Development Experience of several years and in multiple APT Groups.

Be one step ahead of the game. Prices start from $5,000+. Message @brad_banned to get a quote

In September 2023 , both MGM Resorts and Caesars Entertainment suffered ransomware attacks at the hands of a Russian ransomware affiliate program known as ALPHV and BlackCat. Caesars reportedly paid a $15 million ransom in that incident.

Within hours of MGM publicly acknowledging the 2023 breach, members of Scattered Spider were claiming credit and telling reporters they’d broken in by social engineering a third-party IT vendor. At a hearing in London last week, U.K. prosecutors told the court Jubair was found in possession of more than $50 million in ill-gotten cryptocurrency, including funds that were linked to the Las Vegas casino hacks.

The Star Chat channel was finally banned by Telegram on March 9, 2025. But U.S. prosecutors say Jubair and fellow Scattered Spider members continued their hacking, phishing and extortion activities up until September 2025.

In April 2025, the Com was buzzing about the publication of “The Com Cast,” a lengthy screed detailing Jubair’s alleged cybercriminal activities and nicknames over the years. This account included photos and voice recordings allegedly of Jubair, and asserted that in his early days on the Com Jubair used the nicknames Clark and Miku (these are both aliases used by Everlynn in connection with their fake EDR services).

More recently, the anonymous Com Cast author(s) claimed, Jubair had used the nickname “Operator,” which corresponds to a Com member who ran an automated Telegram-based doxing service that pulled consumer records from hacked data broker accounts. That public outing came after Operator allegedly seized control over the Doxbin, a long-running and highly toxic community that is used to “dox” or post deeply personal information on people.

“Operator/Clark/Miku: A key member of the ransomware group Scattered Spider, which consists of a diverse mix of individuals involved in SIM swapping and phishing,” the Com Cast account stated. “The group is an amalgamation of several key organizations, including Infinity Recursion (owned by Operator), True Alcorians (owned by earth2star), and Lapsus, which have come together to form a single collective.”

The New Jersey complaint (PDF) alleges Jubair and other Scattered Spider members committed computer fraud, wire fraud, and money laundering in relation to at least 120 computer network intrusions involving 47 U.S. entities between May 2022 and September 2025. The complaint alleges the group’s victims paid at least $115 million in ransom payments.

U.S. authorities say they traced some of those payments to Scattered Spider to an Internet server controlled by Jubair. The complaint states that a cryptocurrency wallet discovered on that server was used to purchase several gift cards, one of which was used at a food delivery company to send food to his apartment. Another gift card purchased with cryptocurrency from the same server was allegedly used to fund online gaming accounts under Jubair’s name. U.S. prosecutors said that when they seized that server they also seized $36 million in cryptocurrency.

The complaint also charges Jubair with involvement in a hacking incident in January 2025 against the U.S. courts system that targeted a U.S. magistrate judge overseeing a related Scattered Spider investigation. That other investigation appears to have been the prosecution of Noah Michael Urban, a 20-year-old Florida man charged in November 2024 by prosecutors in Los Angeles as one of five alleged Scattered Spider members.

Urban pleaded guilty in April 2025 to wire fraud and conspiracy charges, and in August he was sentenced to 10 years in federal prison. Speaking with KrebsOnSecurity from jail after his sentencing, Urban asserted that the judge gave him more time than prosecutors requested because he was mad that Scattered Spider hacked his email account.

A court transcript (PDF) from a status hearing in February 2025 shows Urban was telling the truth about the hacking incident that happened while he was in federal custody. The judge told attorneys for both sides that a co-defendant in the California case was trying to find out about Mr. Urban’s activity in the Florida case, and that the hacker accessed the account by impersonating a judge over the phone and requesting a password reset.

Allison Nixon is chief research officer at the New York based security firm Unit 221B, and easily one of the world’s leading experts on Com-based cybercrime activity. Nixon said the core problem with legally prosecuting well-known cybercriminals from the Com has traditionally been that the top offenders tend to be under the age of 18, and thus difficult to charge under federal hacking statutes.

In the United States, prosecutors typically wait until an underage cybercrime suspect becomes an adult to charge them. But until that day comes, she said, Com actors often feel emboldened to continue committing — and very often bragging about — serious cybercrime offenses.

“Here we have a special category of Com offenders that effectively enjoy legal immunity,” Nixon told KrebsOnSecurity. “Most get recruited to Com groups when they are older, but of those that join very young, such as 12 or 13, they seem to be the most dangerous because at that age they have no grounding in reality and so much longevity before they exit their legal immunity.”

Nixon said U.K. authorities face the same challenge when they briefly detain and search the homes of underage Com suspects: Namely, the teen suspects simply go right back to their respective cliques in the Com and start robbing and hurting people again the minute they’re released.

Indeed, the U.K. court heard from prosecutors last week that both Scattered Spider suspects were detained and/or searched by local law enforcement on multiple occasions, only to return to the Com less than 24 hours after being released each time.

“What we see is these young Com members become vectors for perpetrators to commit enormously harmful acts and even child abuse,” Nixon said. “The members of this special category of people who enjoy legal immunity are meeting up with foreign nationals and conducting these sometimes heinous acts at their behest.”

Nixon said many of these individuals have few friends in real life because they spend virtually all of their waking hours on Com channels, and so their entire sense of identity, community and self-worth gets wrapped up in their involvement with these online gangs. She said if the law was such that prosecutors could treat these people commensurate with the amount of harm they cause society, that would probably clear up a lot of this problem.

“If law enforcement was allowed to keep them in jail, they would quit reoffending,” she said.

The Times of London reports that Flowers is facing three charges under the Computer Misuse Act: two of conspiracy to commit an unauthorized act in relation to a computer causing/creating risk of serious damage to human welfare/national security and one of attempting to commit the same act. Maximum sentences for these offenses can range from 14 years to life in prison, depending on the impact of the crime.

Jubair is reportedly facing two charges in the U.K.: One of conspiracy to commit an unauthorized act in relation to a computer causing/creating risk of serious damage to human welfare/national security and one of failing to comply with a section 49 notice to disclose the key to protected information.

In the United States, Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. If extradited to the U.S., tried and convicted on all charges, he faces a maximum penalty of 95 years in prison.

In July 2025, the United Kingdom barred victims of hacking from paying ransoms to cybercriminal groups unless approved by officials. U.K. organizations that are considered part of critical infrastructure reportedly will face a complete ban, as will the entire public sector. U.K. victims of a hack are now required to notify officials to better inform policymakers on the scale of Britain’s ransomware problem.

For further reading (bless you), check out Bloomberg’s poignant story last week based on a year’s worth of jailhouse interviews with convicted Scattered Spider member Noah Urban.

Valve is dropping support for Steam running on 32-bit versions of Windows, starting January 1, 2026. A report adds and comments: Steam has been available on Windows for more than two decades and, therefore, was built with 32-bit systems in mind. Today, every modern computer is 64-bit, with compatibility layers built in to support older 32-bit apps. So, even though 32-bit apps have carried forward, there's really no place for 32-bit operating systems anymore -- which is why Valve is axing support for them.

Read more of this story at Slashdot.

Gearbox CEO Randy Pitchford has responded to Borderlands 4 performance complaints by calling the game "a premium game made for premium gamers." Pitchford claimed customer service reports for performance issues represent "less than one percent of one percent" of players and told critics to "code your own engine and show us how it's done, please." The game holds a Mixed rating on Steam despite reaching 300,000 concurrent players Sunday, a franchise record. Gearbox recommends DLSS and frame generation for 60+ fps at 1440p even on powerful hardware. Pitchford compared running the game on older hardware to driving "a monster truck with a leaf blower's motor."

Read more of this story at Slashdot.

Last week Steam and other major storefronts crashed, reports the Guardian, including Nintendo's eShop, PlayStation Store and Microsoft Store. They were all "unable to cope with the demand for Hollow Knight: Silksong, the long-awaited sequel to the critically acclaimed 2017 indie hit Hollow Knight." (which had sold 15 million copies): SilkSong's release triggered widespread outages, with thousands of users reporting issues trying to buy the game in the first few hours of its release. Many were unable to complete purchases, with error messages persisting for almost three hours after the launch... Despite the technical hiccups, within 30 minutes of going live Steam reported more than 100,000 active players, suggesting many had managed to secure their copies. Aftermath says the "bug-tastic" phenomenon displaced everything except Counter-Strike 2 and Dota 2 on Steam's list of most-played games. The Guardian notes that "At least seven other new games have delayed their launch in the past two weeks to avoid a clash..." "People have been spamming the chat and the comments of every single game showcase or news event with the words 'Where's Silksong?' for years," writes the Guardian's video games editor: I've never seen another indie game achieve this level of notoriety before it was even released... As VGC points out, Atari released a similar game on the same day as Silksong (Adventure of Samsara) and it had only 12 concurrent players on Steam. They add that "the hype is justified". Eurogame called Silksong "beautiful, thrilling and cruel." PC Game said Silksong "glows with a level of precision and imagination that's hard to find anywhere else" and "will beat you, burn you, rub your face in the dirt, and then dazzle you with another piece of a haunted clockwork world." But at least some of the demand also came from the game's low price of $20 in the U.S., suggests Slashdot reader UnknowingFool (with variable regional pricing). "At 5.2M wishes, it was the most wish listed game on Steam. In Brazil, the local price was 74.95 Brazil Real or 13.94 USD." In the age of $70+ AAA games with additional costs, not everyone celebrated the consumer friendly price. Some independent game developers have expressed concern that their games may not sell as well compared to Silksong and cannot afford to charge less. From ScreenRant: Hollow Knight: Silksong's unbelievably low price point of just $19.99 is exceptionally good value for the consumer. It is an incredibly lengthy game that is only marginally more expensive than its predecessor... it is proving to be a source of controversy for other indie developers who believe it will distort players' expectations.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Last year, we reported on the efforts of classic iPod fans to preserve playable copies of the downloadable clickwheel games that Apple sold for a brief period in the late '00s. The community was working to get around Apple's onerous FairPlay DRM by having people who still owned original copies of those (now unavailable) games sync their accounts to a single iTunes installation via a coordinated Virtual Machine. That "master library" would then be able to provide playable copies of those games to any number of iPods in perpetuity. At the time, the community was still searching for iPod owners with syncable copies of the last few titles needed for their library. With today's addition of Real Soccer 2009 to the project, though, all 54 official iPod clickwheel games are now available together in an easily accessible format for what is likely the first time. [...] Now that the consolidated clickwheel game collection is complete, though, owners of any iPod 5G+ or iPod Nano 3G+ should be able to sync the complete library to their personal device completely offline, without worrying about any server checks from Apple. They can do that by setting up a Virtual Machine using these GitHub instructions or by downloading this torrented Internet Archive collection and creating their own Virtual Machine from the files contained therein. The effort was made possible by GitHub user Olsro, with help from other iPod enthusiasts. To Olsro, completing the project "means this whole part from the early 2000s will remain with us forever." He also expressed hope that "this Virtual Machine can also be useful towards any security [or] archeologist researcher who want to understand how the DRM worked."

Read more of this story at Slashdot.

Steam's August 2025 hardware survey shows 32GB RAM configurations reached 35.42% of users while 16GB systems fell to 41.67%, continuing a six-month trend that positions 32GB to become the dominant memory configuration among PC gamers before year's end. Windows 11 crossed 60% adoption among Steam users. The RTX 4060 continues gaining market share despite newer RTX 5060 availability. Display resolutions at 2560x1600 pixels saw the largest growth, primarily from gaming laptops.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Earlier this month, EA announced that players in its Battlefield 6 open beta on PC would have to enable Secure Boot in their Windows OS and BIOS settings. That decision proved controversial among players who weren't able to get the finicky low-level security setting working on their machines and others who were unwilling to allow EA's anti-cheat tools to once again have kernel-level access to their systems. Now, Battlefield 6 technical director Christian Buhl is defending that requirement as something of a necessary evil to combat cheaters, even as he apologizes to any potential players that it has kept away. "The fact is I wish we didn't have to do things like Secure Boot," Buhl said in an interview with Eurogamer. "It does prevent some players from playing the game. Some people's PCs can't handle it and they can't play: that really sucks. I wish everyone could play the game with low friction and not have to do these sorts of things." Throughout the interview, Buhl admits that even requiring Secure Boot won't completely eradicate cheating in Battlefield 6 long term. Even so, he offered that the Javelin anti-cheat tools enabled by Secure Boot's low-level system access were "some of the strongest tools in our toolbox to stop cheating. Again, nothing makes cheating impossible, but enabling Secure Boot and having kernel-level access makes it so much harder to cheat and so much easier for us to find and stop cheating." [...] Despite all these justifications for the Secure Boot requirement on EA's part, it hasn't been hard to find people complaining about what they see as an onerous barrier to playing an online shooter. A quick Reddit search turns up dozens of posts complaining about the difficulty of getting Secure Boot on certain PC configurations or expressing discomfort about installing what they consider a "malware rootkit" on their machine. "I want to play this beta but A) I'm worried about bricking my PC. B) I'm worried about giving EA complete access to my machine," one representative Redditor wrote.

Read more of this story at Slashdot.

A court injunction in the long fight between Fortnite publisher Epic Games and Google could have “catastrophic results for the nation’s security” and “risks creating massive cybersecurity vulnerabilities in the online ecosystem,” a group of former top government officials said in a filing Monday.

At issue, they wrote, is a district court injunction requiring Google to work with Epic Games to establish a technical committee on the Google Play Store. This committee would review disputes over the store’s business practices and regulations. The former officials filed an amicus curiae brief siding with Google, which lost in the latest legal salvo, saying that any such committee would sorely lack the ability to mediate the myriad cybersecurity threats presented to users through the store.

“The district court and the Technical Committee are woefully ill-equipped to manage the complex, numerous, and dynamic cybersecurity threats to millions of Android users that will result from allowing countless new apps to flood the Google Play Store and third-party app stores,” they wrote.

Rather, they contend, “Google, with state-of-the-art cybersecurity practices and a trusted app ecosystem, is best positioned to manage those security risks, but the injunction would hamstring Google’s ability to secure its platforms by requiring it to allow developers to provide links directly to users, to distribute third-party app stores, and to allow third-party app stores access to the Google Play Store catalog.”

And “even one mis-clicked link or one nefarious downloaded app can have catastrophic results, allowing malicious actors to access Android devices and data,” they contend.

Signing onto the filing were Tatyana Bolton, former cyber policy lead at the Cybersecurity and Infrastructure Security Agency; Joel Brenner, former inspector general and senior counsel at the National Security Agency and counterintelligence head in the Office of the Director of National Intelligence; Paul Lekas, former deputy general counsel at the Defense Department; John Shanahan, former DoD director at the Joint Artificial Intelligence Center; Joseph Anderson, a former Army official; Steven Bellovin, former chief technologist at the Federal Trade Commission; David Shedd, former deputy director of the Defense Intelligence Agency and a former National Security Council official; and Gene Tsudik, a computer science professor at the University of California, Irvine.

The brief is tied to a ruling in a 2020 case where Epic leveled allegations of monopolistic practices against Google over in-app purchase fees. Epic Games has won antitrust rulings against Google, most recently on July 31. Google itself has been arguing that the rulings will raise privacy and security risks, as have others who are siding with Google on the debate.

The Google Play Store is one of the most popular ad marketplaces in existence, with the company claiming it’s used by more than 2.5 billion monthly users across 190 markets worldwide.

It differs from its main competitor, Apple, by allowing users to download apps from third-party sources. In contrast, Apple’s App Store operates within a closed ecosystem, strictly controlling the installation of apps and prohibiting third-party stores. Additionally, Google typically enforces a less stringent app review process compared to Apple’s often rigorous approval standards, giving developers a faster and more accessible route to publishing their apps on Android devices.

Due to the differences, malicious or fraudulent apps are constantly found on Google’s store. 

The latest court ruling disputed the extent of any security woes that would arise.

“Though Google may decry the inconvenience of having to design ‘new protocols’ to address the security risks of carrying app stores, its own expert conceded that Google would be able to meet these difficulties with the same technological criteria it uses for other third-party software applications already on the Play Store,” the U.S. Court of Appeals for the Ninth Circuit ruling reads.

The officials who signed on to Monday’s include those who have notable current or past industry ties; Bolton, for instance, worked for Google from 2022 to 2024.

The potential interplays between monopolistic practices and cybersecurity have been a source of debate amid the rise of U.S. tech giants.

You can read the brief below.

Greg Otto contributed reporting to this story.

The post Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say appeared first on CyberScoop.

PUBLIC DEFENDER By Brian Livingston For many years, security software has run in Windows’ so-called kernel mode. This privileged execution level gives Windows — and any other software running in that mode — total control over your computer. But apps having this much power can be disastrous for your system and for you. Catastrophes have […]

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied “promo code,” interested players can claim a $2,500 credit on the advertised gaming website.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action. At the scam website gamblerbeast[.]com, for example, visitors can pick from dozens of games like B-Ball Blitz, in which you play a basketball pro who is taking shots from the free throw line against a single opponent, and you bet on your ability to sink each shot.

The financial part of this scam begins when users try to cash out any “winnings.” At that point, the gaming site will reject the request and prompt the user to make a “verification deposit” of cryptocurrency — typically around $100 — before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments.

However, any “winnings” displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again. Compounding the problem, victims likely will soon be peppered with come-ons from “recovery experts” who peddle dubious claims on social media networks about being able to retrieve funds lost to such scams.

KrebsOnSecurity first learned about this network of phony betting sites from a Discord user who asked to be identified only by their screen name: “Thereallo” is a 17-year-old developer who operates multiple Discord servers and said they began digging deeper after users started complaining of being inundated with misleading spam messages promoting the sites.

“We were being spammed relentlessly by these scam posts from compromised or purchased [Discord] accounts,” Thereallo said. “I got frustrated with just banning and deleting, so I started to investigate the infrastructure behind the scam messages. This is not a one-off site, it’s a scalable criminal enterprise with a clear playbook, technical fingerprints, and financial infrastructure.”

After comparing the code on the gaming sites promoted via spam messages, Thereallo found they all invoked the same API key for an online chatbot that appears to be in limited use or else is custom-made. Indeed, a scan for that API key at the threat hunting platform Silent Push reveals at least 1,270 recently-registered and active domains whose names all invoke some type of gaming or wagering theme.

Thereallo said the operators of this scam empire appear to generate a unique Bitcoin wallet for each gaming domain they deploy.

“This is a decoy wallet,” Thereallo explained. “Once the victim deposits funds, they are never able to withdraw any money. Any attempts to contact the ‘Live Support’ are handled by a combination of AI and human operators who eventually block the user. The chat system is self-hosted, making it difficult to report to third-party service providers.”

Thereallo discovered another feature common to all of these scam gambling sites [hereafter referred to simply as “scambling” sites]: If you register at one of them and then very quickly try to register at a sister property of theirs from the same Internet address and device, the registration request is denied at the second site.

“I registered on one site, then hopped to another to register again,” Thereallo said. Instead, the second site returned an error stating that a new account couldn’t be created for another 10 minutes.

“They’re tracking my VPN IP across their entire network,” Thereallo explained. “My password manager also proved it. It tried to use my dummy email on a site I had never visited, and the site told me the account already existed. So it’s definitely one entity running a single platform with 1,200+ different domain names as front-ends. This explains how their support works, a central pool of agents handling all the sites. It also explains why they’re so strict about not giving out wallet addresses; it’s a network-wide policy.”

In many ways, these scambling sites borrow from the playbook of “pig butchering” schemes, a rampant and far more elaborate crime in which people are gradually lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms.

Pig butchering scams are typically powered by people in Asia who have been kidnapped and threatened with physical harm or worse unless they sit in a cubicle and scam Westerners on the Internet all day. In contrast, these scambling sites tend to steal far less money from individual victims, but their cookie-cutter nature and automated support components may enable their operators to extract payments from a large number of people in far less time, and with considerably less risk and up-front investment.

Silent Push’s Zach Edwards said the proprietors of this scambling empire are spending big money to make the sites look and feel like some fancy new type of casino.

“That’s a very odd type of pig butchering network and not like what we typically see, with much lower investments in the sites and lures,” Edwards said.

Here is a list of all domains that Silent Push found were using the scambling network’s chat API.

| Bronwen Aker // Sr. Technical Editor, M.S. Cybersecurity, GSEC, GCIH, GCFE Go online these days and you will see tons of articles, posts, Tweets, TikToks, and videos about how […]

The post Crafting the Perfect Prompt: Getting the Most Out of ChatGPT and Other LLMs appeared first on Black Hills Information Security, Inc..

Hey, Campers! It’s that time of year again. The smell of 0-day in the air. Charlatans roasting by the pyre. Old friends and new gather in one of the worst […]

The post Join Us for Camp BHIS @ DEF CON 31  appeared first on Black Hills Information Security, Inc..

The post How to Play Competitive Backdoors & Breaches w/ Jason Blanchard (1-Hour) appeared first on Black Hills Information Security, Inc..

Ean Meyer // This post is for attendees of Wild West Hackin’ Fest: Deadwood 2022 POGs? Yes, POGs! If you aren’t familiar with POGs, this game started decades ago, reaching […]

The post POGS at Wild West Hackin’ Fest!  appeared first on Black Hills Information Security, Inc..

02:28 – Story # 1: American Airlines Breach Exposes Customer and Staff Information– https://www.infosecurity-magazine.com/news/american-airlines-breach-customer/18:59 – Story # 2: London police arrest, charge teen hacking suspect but won’t confirm GTA 6, Uber […]

The post Talkin’ About Infosec News – 10/5/2022 appeared first on Black Hills Information Security, Inc..

💾

Ray Felch // Recently, it was suggested that it would be cool to create a hardware badge for one of the upcoming InfoSec conferences. Admittedly, I have a pretty solid […]

The post So You Want to Build a Conference Hardware Badge! appeared first on Black Hills Information Security, Inc..

Have you heard of Backdoors & Breaches, or even have a deck of your own, and yet… still don’t know how to use it? We created an incident response card […]

The post How to Use Backdoors & Breaches to do Tabletop Exercises and Learn Cybersecurity appeared first on Black Hills Information Security, Inc..

Have you ever seen a call for papers for a conference and thought to yourself that you’d like to submit a talk and then immediately thought, oh never mind? Have […]

The post Webcast: How to Share Your Knowledge with Others appeared first on Black Hills Information Security, Inc..

💾